Hi,
i want to connect 2 Locations with VPN.
And also Clients to this Locations.
How can i do this?

Is there a Howto?

This Section of the IPsec manual is pretty comprehensive and should exactly do what you want to accomplish.

Since IPsec is a cpu-hog, I'd advise to use it on routers with h/w acceleration olnly (all CCR series, 1100AHx4, RG750Gr3, RB3011).

-Chris

Thanks Chris,
i will try it

Update:
I configured Site 1 and 2 exact like this Manual.
Except Client Peer add address =n.mynetname.net , changed to my actual public IP of Site 1

Now i get "ipsec ipsec-: connect (Network is unreachable)" on Site 2
What´s wrong?

Have forwarded Port 500 and 4500 UDP on Site 1

Ok, now it works. The Destination DNS didn´t work correctly.
I put now IP instead the Name

Chris, but how can i reach the local Subnet (192.168.1.0 and 192.168.10.0)?

Now that's a good start.
All that's left is adding routes through the tunnel.

Assuming 192.168.1.0/24 is on the tunnel local IP of 192.168.99.1
and 192.168.10.0/24 is on the tunnel local IP of 192.168.99.2

do this:
And you should be good to go.
-Chris

Sounds good, i will try it.
And this Configuration is secure with Android Clents for Example?

Now that's a good start.
All that's left is adding routes through the tunnel.

Assuming 192.168.1.0/24 is on the tunnel local IP of 192.168.99.1
and 192.168.10.0/24 is on the tunnel local IP of 192.168.99.2

do this:

Code: Select all

#on router 1
/ip route
add dst-address=192.168.1.0/24 gateway=192.168.99.1 distance=20

#on router 2
/ip route
add dst-address=192.168.10.0/24 gateway=192.168.99.2 distance=20

And you should be good to go.
-Chris

I´ve done this Configuration.
But on Route List it shows "192.168.99.2 unreachable"

Could someone help me, please